apparmor denies access to vms for libvirt
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mirantis OpenStack | Fix Released | Critical | Aleksander Mogylchenko | |
Bug Description
After a compute node is rebooted, AppArmor starts to block access to VMs for the libvirt daemon.
Example logs:
/var/log/kern.log:
<5>Jul 9 13:06:54 node-4 kernel: [ 18.127069] type=1400 audit(143644721
<5>Jul 9 13:06:54 node-4 kernel: [ 18.127303] type=1400 audit(143644721
/var/log/
2015-07-09 13:09:09.983+0000: 3728: error : virProcessKillP
release: "7.0"
openstack_
api: "1.0"
build_number: "14"
build_id: "2015-07-
nailgun_sha: "976baf842242a5
python-
astute_sha: "9cbb8ae5adbe6e
fuel-library_sha: "6b0c909ad800e9
fuel-ostf_sha: "e3ad92b0e4a930
fuelmain_sha: "185d21d4d42233
Changed in mos:
importance: Undecided → High
assignee: nobody → MOS Linux (mos-linux)
status: New → Confirmed
Changed in mos:
importance: High → Undecided
importance: Undecided → High
Changed in mos:
status: Triaged → In Progress
tags: added: scale
Changed in mos:
status: Fix Committed → Fix Released
We ship custom libvirt (not from Ubuntu but from Debian), which does not have apparmor rules at all: https://review.fuel-infra.org/gitweb?p=packages/trusty/libvirt.git;a=commit;h=abedecff4bede482906227a5cedbb17cf1b8302d
They should be added to the package, ensuring the presence of this particular fix: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611